Home/ Questions/Q 683129
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T01:40:23+00:00

ORIGINAL TEXT REMOVED OK, so I found the original problem thanks to a helpful

  • 0

ORIGINAL TEXT REMOVED

OK, so I found the original problem thanks to a helpful answer.
It lists “Invalid query: No database selected” as the error.

require_once ('../dir_connect.php');            

$dbc = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
        if (!$dbc) {
            die('Could not connect: ' . mysql_error());
        }

If I have this, and I have this in the dir_connect.php file:

/** The name of the database */
define('DB_NAME', 'unlisted_employees');

/** MySQL database username */
define('DB_USER', 'unlisted_qpass');

/** MySQL database password */
define('DB_PASSWORD', 'testpass');

/** MySQL hostname */
define('DB_HOST', 'localhost');

Is there something I need to add to make an actual database connection?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You need to check the return value of the mysql_query() call.

    http://php.net/manual/en/function.mysql-query.php

    $result = mysql_query($query);
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

    Right now, you’ll never actually hit the error condition and won’t actually see what (if any) error that MySQL is sending back to you.

    Also, you probably want to escape the values you are plugging into the query instead of just doing normal string concatentation. If you don’t, your app could be vulnerable to a SQL injection attack. Here is how to generate the query safely:

    $query = sprintf("INSERT INTO staff (name, lastname, username, password, position, department, birthmonth, birthday, birthyear, location, phone, email, street, city, state, country, zip, tags, photo) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
                mysql_real_escape_string($name),
                mysql_real_escape_string($lastname),
                mysql_real_escape_string($username),
                mysql_real_escape_string($password),
                mysql_real_escape_string($position),
                mysql_real_escape_string($department),
                mysql_real_escape_string($birthmonth),
                mysql_real_escape_string($birthday),
                mysql_real_escape_string($birthyear),
                mysql_real_escape_string($location),
                mysql_real_escape_string($phone),
                mysql_real_escape_string($email),
                mysql_real_escape_string($street),
                mysql_real_escape_string($city),
                mysql_real_escape_string($state),
                mysql_real_escape_string($country),
                mysql_real_escape_string($zip),
                mysql_real_escape_string($tags),
                mysql_real_escape_string($photo));

    EDIT: Just saw your comment to another answer. If you are already doing the escaping like:

    $birthday = mysql_real_escape_string(trim($_POST['birthday']));

    then you don’t need to escape it when generating the query. It’s probably better practice to do the escaping at the time you generate the query so it is clear that you aren’t missing anything.

    EDIT2: According to the docs, mysql_connect() should take the host, user, and password and then you need to do a mysql_select_db() call afterwards to pick the correct database.

    http://www.php.net/manual/en/function.mysql-select-db.php

    $dbc = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if (!$dbc) {
    die('Could not connect: ' . mysql_error());
}

// make foo the current db
$db_selected = mysql_select_db(DB_NAME, $dbc);
if (!$db_selected) {
    die ('Could not select database: ' . mysql_error());
}

    (BTW, you should edit your question and put back the original text so it might be useful to others finding this topic later!)

    • 0